Thank you for your interest in a career at Regions. At Regions, we believe associates deserve more than just a job. We believe in offering performance-driven individuals a place where they can build a career --- a place to expect more opportunities. If you are focused on results, dedicated to quality, strength and integrity, and possess the drive to succeed, then we are your employer of choice.

At Regions, the Cyber Security Architect contributes to the advancement of Regions’ cyber security program and its capabilities through developing, communicating, and implementing a security architecture. This position establishes secure development practices which increases the security of internal systems. Additionally, this position collaborates closely with key stakeholders and teams as part of business projects and/or initiatives.

Primary Responsibilities

• Develops and establishes a strategic cyber security architecture and strategic vision, including standards and frameworks that are aligned with the overall business and Regions’ information technology strategy
• Provides advisory and consultative services to businesses, information technology groups, and cyber security senior leadership
• Works closely with Enterprise Architecture and Application Development groups to enhance the security posture of new and existing systems
• Designs cyber security architecture, evaluates and mitigates potential risk, and approves implementation of systems and applications into production
• Performs assessments using the National Institute of Standards and Technology (NIST) Cyber Security Framework and the Federal Financial Institutions Examination Council (FFIEC) Cyber Assessment Tool to identify gaps and remediate deficiencies
• Ensures systems and applications are implemented with compensating controls to meet regulatory requirements (e.g. GLBA, SOX, HIPPA, FFIEC, etc.) as well as other organizational compliance (PCI) requirements
• Tracks metrics for compliance to internal cyber security standards set by application and system owners
• Provides consultative services related to large business projects
• May lead the work of junior architects and evaluate needs, assisting in the development of necessary skills and technical knowledge

This position is exempt from timekeeping requirements under the Fair Labor Standards Act and is not eligible for overtime pay.

Requirements

• Bachelor’s degree in Computer Science, or related field
• Seven (7) years of experience in cyber security, with a focus on software development, secure software development lifecycle (SDLC), or security architecture

Preferences

• Experience in the design and implementation of cyber security solutions

Skills and Competencies

• Ability to effectively evaluate risk vs. reward
• Ability to independently problem solve with sound judgement
• Ability to translate complex technical information across all levels of the organization through communications and/or presentations
• Ability to work in a team environment when applicable
• Advanced knowledge of risks associated with virtualization and cloud-based computing and the impact of those technologies on an organizations security posture
• Advanced knowledge of security principles, solutions, tools, methodologies, and techniques
• Proficiency in Microsoft Office (Excel, Word, PowerPoint, Outlook, etc.)
• Strong project management skills
• Strong verbal, written communication, and organizational skills
• Strong work ethic and self-motivation

Additional Job Description

You will be a subject-matter expert for securing GenAI capabilities (LLM APIs, agent frameworks, RAG pipelines, MCP-based tools, and Agentic AI). You’ll design controls that protect data, ensure safe tool use, and meet emerging AI-specific regulations and standards.

Skills & Competencies

• Architecting secure cloud workloads in AWS and/or Azure: prior demonstrable work designing and securing production systems.
• Architecting secure LLM integrations across clouds and model providers — e.g., using AWS Bedrock (e.g., Anthropic Claude, Meta Llama, Cohere, Titan), Azure OpenAI Service (OpenAI GPT), etc.
• Securing Agentic AI workflows: understanding how autonomous/semi-autonomous agents interact with tools, APIs, and enterprise data; mitigating risks like over-permissioning, SSRF, and data exfiltration through sandboxing, scoped tokens, allowlists, and execution monitoring.
• Designing and governing RAG pipelines: applying data classification, PII scrubbing, retrieval allow/deny rules, prompt templating, grounding policies, vector DB access control/rotation, query-time guardrails, and ensuring retention, lineage, consent, copyright compliance, secrets handling in prompts, and tenant isolation for embeddings/vector stores.
• Threat-modeling GenAI systems using OWASP Top 10 for LLMs/GenAI and MITRE ATLAS; addressing risks such as prompt injection, insecure output handling, data poisoning, model/data exfiltration, model DoS/cost abuse, supply-chain risks, and model extraction.
• Monitoring model quality and responses: designing automated evaluation pipelines (e.g., LLM-as-a-judge, bias/toxicity/factual accuracy checks), establishing continuous monitoring in production, and integrating human-in-the-loop escalation for sensitive outputs.
• Securing Model Context Protocol (MCP) implementations: applying authentication/authorization, scoping, sandboxing, and auditing for tool/data access.
• Applying security frameworks and guidance such as NIST AI RMF & Generative AI Profile, OWASP Top 10 for LLMs, MITRE ATLAS, Google SAIF, and UK NCSC AI security guidance.
• Applying governance and regulatory frameworks such as ISO/IEC 42001 AI Management System

​This position is intended to be onsite, now or in the near future. Associates will have regular work hours, including full days in the office three or more days a week. The manager will set the work schedule for this position, including in-office expectations. Regions will not provide relocation assistance for this position, and relocation would be at your expense. This position must be within a reasonable driving distance to Birmingham, AL, Atlanta, GA, Nashville, TN or Charlotte, NC. Exceptions to the geographic location requirement may be made for current Regions associates who work remotely.

Compensation Details

Pay ranges are job specific and are provided as a point-of-market reference for compensation decisions. Other factors which directly impact pay for individual associates include: experience, skills, knowledge, contribution, job location and, most importantly, performance in the job role. As these factors vary by individuals, pay will also vary among individual associates within the same job.

The target information listed below is based on the Metropolitan Statistical Area Market Range for where the position is located and level of the position.

Job Range Target:

Minimum:

50th Percentile:

Incentive Pay Plans:

Location:

Equal Opportunity Employer/including Disabled/Veterans

Job applications at Regions are accepted electronically through our career site for a minimum of five business days from the date of posting. Job postings for higher-volume positions may remain active for longer than the minimum period due to business need and may be closed at any time thereafter at the discretion of the company.